Description
Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to shell command injection attacks. In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports.
References (2)
Core 2
Core References
Various Sources third-party-advisory
https://cert.pl/en/posts/2025/11/CVE-2025-8890
Various Sources technical-description
https://www.securitum.com/cve-2025-8890.html
Scores
CVSS v4
9.3
EPSS
0.0085
EPSS Percentile
53.4%
CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (1)
SDMC/NE6037
< 7.1.12.2.44
Published
Nov 27, 2025
Tracked Since
Feb 18, 2026